packages: libs/savedynamic: Add package that uses new modular firewall to save chains with dynamically generates rules from packages such as miniupnpd and strongswan in order that they might be preserved across a firewall restart (but not a router reboot).
git-svn-id: svn://svn.openwrt.org/openwrt/packages@21368 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
cshore
parent
768233501f
commit
ad388c3bfc
72
libs/savedynamic/files/savedynamic.sh
Normal file
72
libs/savedynamic/files/savedynamic.sh
Normal file
@ -0,0 +1,72 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/functions.sh
|
||||
|
||||
savedynamic_print_table_chain() {
|
||||
local table="$1"
|
||||
local chain="$2"
|
||||
local fsave="$3"
|
||||
local fsavetmp="$fsave"".tmp"
|
||||
local next_table_line
|
||||
local cur_table_line
|
||||
local table_line
|
||||
table_line="$(($(grep -n "^*$table" "$fsave" | cut -f1 -d: ) + 1))"
|
||||
tail -n+$table_line $fsave >"$fsavetmp"
|
||||
for cur_table_line in $(grep -n "^*" "$fsavetmp"); do
|
||||
[ -z "$next_table_line" ] && {
|
||||
local lineno="$(echo $cur_table_line | cut -f1 -d:)"
|
||||
[ -n "$lineno" ] && [ "$lineno" -gt $(($table_line - 1)) ] && {
|
||||
next_table_line=$lineno
|
||||
}
|
||||
}
|
||||
done
|
||||
[ -z "$next_table_line" ] && {
|
||||
next_table_line="$(cat $fsavetmp|wc -l)"
|
||||
}
|
||||
next_table_line=$(($next_table_line - 1))
|
||||
head -n $next_table_line "$fsave.tmp" | grep $chain | grep -Ev "^:$chain"
|
||||
rm -f "$fsavetmp"
|
||||
}
|
||||
|
||||
savedynamic_save_fw_chain() {
|
||||
local chain
|
||||
local table
|
||||
local fsave="/tmp/.firewall/save"
|
||||
|
||||
config_get chain $1 chain
|
||||
config_get table $1 table filter
|
||||
[ -z "$chain" ] && return 0
|
||||
mkdir -p /tmp/.firewall
|
||||
iptables-save >"$fsave"
|
||||
savedynamic_print_table_chain $table $chain "$fsave" > /tmp/.firewall/save-$table-$chain
|
||||
|
||||
}
|
||||
|
||||
savedynamic_load_fw_chain() {
|
||||
local chain
|
||||
local table
|
||||
|
||||
config_get chain $1 chain
|
||||
config_get table $1 table filter
|
||||
[ -e /tmp/.firewall/save-$table-$chain ] && [ "$(cat /tmp/.firewall/save-$table-$chain | wc -l)" -ge 1 ] && {
|
||||
iptables -t $table -N $chain
|
||||
while read line; do
|
||||
sh -c "iptables -t $table $line"
|
||||
done < /tmp/.firewall/save-$table-$chain
|
||||
rm /tmp/.firewall/save-$table-$chain
|
||||
}
|
||||
}
|
||||
|
||||
savedynamic_pre_stop_cb() {
|
||||
echo "Saving dynamic firewall chains"
|
||||
config_load firewall
|
||||
|
||||
config_foreach savedynamic_save_fw_chain save
|
||||
}
|
||||
|
||||
savedynamic_post_core_cb() {
|
||||
echo "Loading dynamic firewall chains"
|
||||
|
||||
config_load firewall
|
||||
config_foreach savedynamic_load_fw_chain save
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user